SIP Routing Rules and Policies

Routing to accomodate SIP applications.

The Deep Packet Inspection capable firewalls offer the ability to apply Routing and Dial Plan rules to all incoming SIP traffic. As the Ingate product has the ability to look at Layer 2 through Layer 7 of the OSI model, Routing and Dial Plan rules can combine the use of several layers at once. Combining such things as the TCP/IP (Transport Layer) with the SIP protocol (Application Layer) ensures that only predefined SIP traffic is processed.

Best Routing Rules:

  1. Match From Header, where the router can match on the From Header SIP URI, (the person making the call). In addition the router can separate the Transport whether UDP, TCP or TLS, and further we can specify which IP address or range of IP addresses at the Network layer from which we can accept calls.
  2. Matching Request URI. The Request URI Header is a routable header of any SIP Request. The router can Match & Remove a Prefix, Match any specific Alpha/ Numeric characters or even range of characters. This also includes Domain matching.
  3. Forward To. The Forward To section defines where to ‘actually’ send the call – perhaps to a predefined account, with Registration and/or Header Replacement requirements/behavior; or to an IP address or Domain. It can also change the call request to a different Transport and port if required, and even dynamically assign the use of our B2BUA if needed.

The actual Dial Plan, then, combines these three attributes to provide the ultimate in flexibility and security in defining:

  • accepting where the call is coming from and
  • where the call is going. If the SIP traffic is not predefined it will be denied.

This also gives the ability to have multiple different IP-PBX vendors and multiple different ITSP accounts. N+1 ITSPs to N+1 IP-PBXs. There is no limit to the customization of call routing in some routers.

Best Policies:

Policies related to SIP have to do with allowing or disallowing SIP traffic based on SIP Methods, SIP Mime Content, SIP Domains and other higher-level rules. A SIP Method policy can be implemented to ensure incoming SIP packets are matched on the particular SIP Method and Traffic to specified domains. If required, Authentication can be applied for processing the packet. Further policies can be applied to filter MIME Content types, to ensure the type of SIP Traffic is allowed. Filtering based on specific Header information is also possible.

Other Routing Rules and Policies can also be applied to allow for SIP Domain forwarding, Static SIP URI forwarding, SIP Registrar Authentication, and more.